Redirect login to external service

Open stashymane opened this issue 4 years ago • 2 comments

Currently, no matter what auth method is used, the login link redirects to filebrowser's own login, which is, at least from what I can see, no-op with proxy auth. It would be great if proxy auth also allowed the login link to redirect to the service used for authentication.

stashymane avatar Jul 23 '21 01:07 stashymane

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] avatar Sep 20 '22 02:09 github-actions[bot]

Please reconsider using stalebot, feature requests don't get implemented accidentally.

stashymane avatar Sep 20 '22 06:09 stashymane

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] avatar Oct 22 '22 02:10 github-actions[bot]

Still not implemented. And stalebot is still awful.

stashymane avatar Oct 22 '22 11:10 stashymane

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] avatar Nov 23 '22 02:11 github-actions[bot]

Not stale. A feature request cannot become stale.

stashymane avatar Nov 23 '22 07:11 stashymane

I think this misunderstands the point of proxy auth - if you're using a proxy for authentication, it's supposed to do everything so FB never even sees an unauthenticated user. That all works fine - if you're successfully setting the user header in the proxy and have FB configured to use it.

On the other hand that blocks using sharing links, so supporting OAUTH properly would be nice.

pseudocoder avatar Dec 24 '22 09:12 pseudocoder

Keeping public sharing is the whole point :) OAuth is probably going to be a much larger undertaking than just a quick redirect though.

stashymane avatar Dec 24 '22 09:12 stashymane

It can work, only a limited number of paths need to bypass the proxy check:

I use vouch-proxy in nginx to check/enforce OAUTH, and the config below works for me to allow sharing. My filebrowser runs on port 500 in a docker on the same machine as the proxy, with the path /browse/ and expects the header X-Vouch-User to include the username.

    location /browse/ {
        auth_request /vouch/validate;
        auth_request_set $auth_resp_x_vouch_user $upstream_http_x_vouch_user;
        error_page 401 = @error401;

        proxy_pass http://127.0.0.1:500/;
        proxy_set_header Host $http_host;
        proxy_set_header X-Vouch-User $auth_resp_x_vouch_user;
        client_max_body_size 20m;
    }

    location ~* /browse/(api\/public|share|static)(.*) {
        proxy_pass http://127.0.0.1:500;
        proxy_set_header Host $http_host;
        proxy_set_header X-Vouch-User $auth_resp_x_vouch_user;
        client_max_body_size 20m;
    }

pseudocoder avatar Dec 24 '22 10:12 pseudocoder
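An added example, not part of the thread or of filebrowser: a small audit that models how nginx picks between the two location blocks in the config above, so you can see which paths skip `auth_request`. `STRICT_BYPASS` and the sample paths are assumptions constructed for illustration; input paths are assumed to be already normalized the way nginx normalizes request URIs.

```python
import re

# Regex copied from the bypass location in the config above. nginx "~*" is a
# case-insensitive, unanchored search against the request URI.
PAGE_BYPASS = re.compile(r"/browse/(api\/public|share|static)(.*)", re.IGNORECASE)

# Assumption (not from the thread): a tightened variant, anchored at the start
# and requiring the allowed segment to end at a "/" or at the end of the path.
STRICT_BYPASS = re.compile(r"^/browse/(api/public|share|static)(/.*)?$", re.IGNORECASE)

PROTECTED_PREFIX = "/browse/"  # the prefix location that carries auth_request


def route(path, bypass):
    """Return the location block nginx would select for a normalized path.

    A matching regex location takes precedence over a plain prefix location,
    so the bypass pattern is checked first.
    """
    if bypass.search(path):
        return "bypass"      # proxied without auth_request
    if path.startswith(PROTECTED_PREFIX):
        return "protected"   # auth_request /vouch/validate runs first
    return "unmatched"       # handled by some other location


def differences(paths, loose=PAGE_BYPASS, strict=STRICT_BYPASS):
    """Paths that the loose pattern sends around auth_request but the strict one does not."""
    return [p for p in paths
            if route(p, loose) == "bypass" and route(p, strict) != "bypass"]


# Constructed sample paths for the audit.
SAMPLE_PATHS = [
    "/browse/share/abc123",                 # intended public share link
    "/browse/static/js/app.js",             # intended static asset
    "/browse/api/public/dl/abc123",         # intended public download
    "/browse/api/resources/docs",           # should require auth
    "/browse/shared-notes/",                # merely starts with "share"
    "/browse/api/resources/browse/static",  # pattern appears mid-path
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{p:40} page={route(p, PAGE_BYPASS):10} strict={route(p, STRICT_BYPASS)}")
    print("only bypassed by the unanchored pattern:", differences(SAMPLE_PATHS))
```

Running the same list against your own bypass pattern before deploying it shows whether anything outside the intended public endpoints is routed around the proxy check.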

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] avatar Jan 24 '23 01:01 github-actions[bot]

This issue was closed because it has been stalled for 5 days with no activity.

github-actions[bot] avatar Jan 29 '23 02:01 github-actions[bot]